Personal Data (2)

Question 1

What are the 4 building blocks to identify personal data?

Answer 1

1. any information
2. relating to
3. an identified or identifiable
4. natural person (data subject)

Question 2

What is anonymous data?

Answer 2

information not related to an identified or identifiable natural person

or

that has been rendered unidentifiable

Article 26: GDPR does not apply to processing of anonymous data

Question 3

What is pseudonymous data?

Answer 3

processing of personal data in a way that it can no longer be attributed to a specific data subject without the use of additional information

• additional information must be kept separately
• additional information subject to technical and organizational measures

Question 4

What are special categories of data?

Answer 4

1. Racial or ethnic origin
2. Political opinions
3. Religious or philosophical beliefs
4. Trade union membership
5. Genetic data
6. Biometric data (for purpose of uniquely identifying individual)
7. Health data
8. Sex life or sexual orientation

processing of special category data prohibited under Article 9

Question 5

Is data related to criminal convictions and offenses considered special category data under GDPR?

Answer 5

No.

Article 10: processing only under control of official authority or when processing is authorized by Union or Member State law providing for appropriate safeguards for rights and freedoms

comprehensive register of criminal convictions only kept under control of official authority

Question 6

Is device dynamic IP address considered personal data?

Answer 6

Yes.

• Static - always relates to a single individual
• Dynamic - there is a pattern of identification

Question 7

Does information need to be true to be considered personal data?

Answer 7

No.

any statements, objective or subjective, considered personal data

Question 8

What content can be considered personal data?

Answer 8

information about an individual’s

• private life
• activities

Question 9

For personal data to relate to an individual one of three elements must apply:

Answer 9

personal data must:

1. be about them
2. used to evaluate them
3. impact their rights and freedoms

Question 10

T/F: A person is identifiable when it is possible to do it, even if they haven’t been identified yet

(Opinion 4/2007)

Answer 10

True

Question 11

What is the threshold for the possibility of identification?

Recital 26

Answer 11

reasonable likelihood, considering costs, amount of time, available technology and technological developments

Question 12

Does GDPR apply to personal data of deceased persons?

Answer 12

No.

member states may provide for specific rules in this area

Recital 27

Question 13

Is processing of photographs considered special category of personal data?

Answer 13

Not systematically, depends on the purpose of processing the photograph

Question 14

How is pseudonymization defined in GDPR?

Answer 14

processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject, without the use of additional information, provided that such information is kept separately and is subject to safeguards

Question 15

Why is pseudonymization promoted by GDPR?

Answer 15

as a safeguard to achieve data minimization for privacy
additional protection for determining compatibility of new purpose with original purpose

Question 16

Can identifying the handwriting of an individual be considered personal data?

Answer 16

yes